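package com.ruoyi.framework.security;

import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.framework.web.service.SysPermissionService;
import com.ruoyi.system.service.ISysUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;

import java.util.Set;

/**
 * Authentication provider for WeChat Work (enterprise WeChat) logins.
 * Plays a role similar to DaoAuthenticationProvider.
 *
 * <p>Security note: this provider checks no secret. It maps the WeChat Work
 * user id carried in the token's principal to a system user and returns an
 * authenticated token for that user; the corpId held as credentials is passed
 * through unchecked. NOTE(review): this presumably relies on the code that
 * builds the {@link QyWechatAuthenticationToken} having obtained the user id
 * from a verified WeChat Work exchange, never from request input. Confirm at
 * every place the token is constructed.
 *
 * @author ruoyi
 */
@Component
public class QyWechatAuthenticationProvider implements AuthenticationProvider {

    /** Marker the principal is expected to start with: {@code qywechat__<qyUserId>}. */
    private static final String PRINCIPAL_PREFIX = "qywechat__";

    @Autowired
    private ISysUserService userService;

    @Autowired
    private SysPermissionService permissionService;

    /**
     * Resolves the WeChat Work user id in the token to a system user and
     * returns an authenticated token carrying that user's {@link LoginUser}.
     *
     * @param authentication an unauthenticated {@link QyWechatAuthenticationToken}
     *                       whose principal is {@code qywechat__<qyUserId>} and
     *                       whose credentials are the corpId
     * @return an authenticated {@link QyWechatAuthenticationToken}
     * @throws AuthenticationException as {@link BadCredentialsException} when the
     *                                 principal yields no usable user id, no system
     *                                 user is bound to it, or the bound user is
     *                                 disabled or deleted
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        QyWechatAuthenticationToken qyWechatToken = (QyWechatAuthenticationToken) authentication;
        String rawPrincipal = (String) qyWechatToken.getPrincipal();
        String corpId = (String) qyWechatToken.getCredentials();

        // The principal arrives as "qywechat__<qyUserId>"; strip the marker to get the id.
        String qyUserId = StringUtils.substringAfter(rawPrincipal, PRINCIPAL_PREFIX);

        // A null principal, a principal without the marker, or a marker with nothing after
        // it leaves no usable id (assuming commons-lang substringAfter semantics, the result
        // is null or ""). Reject it here so a blank id never reaches the lookup, where it
        // could match an account whose WeChat Work id column is empty.
        if (qyUserId == null || qyUserId.trim().isEmpty()) {
            throw new BadCredentialsException("该企业微信账号尚未绑定系统用户");
        }

        // Look up the system user bound to this WeChat Work user id.
        SysUser user = userService.selectUserByQyWechatUserId(qyUserId);
        if (user == null) {
            throw new BadCredentialsException("该企业微信账号尚未绑定系统用户");
        }

        // Refuse accounts that are disabled (status "1") or deleted (delFlag "1").
        if ("1".equals(user.getStatus())) {
            throw new BadCredentialsException("用户已被停用,请联系管理员");
        }
        if ("1".equals(user.getDelFlag())) {
            throw new BadCredentialsException("用户已被删除,请联系管理员");
        }

        // Load the user's menu permissions and wrap everything in a LoginUser.
        Set<String> permissions = permissionService.getMenuPermission(user);
        LoginUser loginUser = new LoginUser(user.getUserId(), user.getDeptId(), user, permissions);

        // Return the authenticated token; corpId is carried over unchanged.
        return new QyWechatAuthenticationToken(loginUser, corpId, loginUser.getAuthorities());
    }

    /**
     * Reports whether this provider handles the given authentication type.
     *
     * @param authentication the authentication class being offered
     * @return {@code true} for {@link QyWechatAuthenticationToken} and its subclasses
     */
    @Override
    public boolean supports(Class<?> authentication) {
        return QyWechatAuthenticationToken.class.isAssignableFrom(authentication);
    }
}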